The subject of this monographic work is an in-depth analysis of the rights and legal remedies available to data subjects, as provided under national and European legal frameworks, in cases involving the processing of health data for the purposes of individual care as well as for the pursuit of collective needs.
This analysis rests upon the precarious balance between the right to informational self-determination and the free movement of data for scientific research purposes. In examining the experiences of individual Member States of the European Union, a fragmentation and lack of clarity in the regulatory framework have emerged. This situation has led to the most recent Union legislation proposing a partial reconsideration of the approach adopted by the GDPR regarding the primary and secondary use of health data.
New regulatory directions have been outlined, such as the strengthening of data subject rights (notably the rights of access, portability, and rectification in the EHDS Regulation); the intermediation of entities capable of inspiring trust in data subjects and supporting them in managing their personal data (Data Governance Act); and the introduction of the requirement for administrative authorisation issued by a public body for the secondary use of health data (EHDS Regulation).
Moreover, the EHDS proposes a reversal in the hierarchy of legal bases for the processing of health data, shifting from the primacy of consent to that of public interest, counterbalanced by the possibility for data subjects to exercise an opt-out. This work also undertakes a detailed examination of the contractual and non-contractual liability profiles that may arise when there are deviations from the established terms and conditions governing access to and reuse of health data flows.
